The Apple iOS backdoor that wasn’t

“Last weekend, a hacker who’s been campaigning to make a point about Apple security by playing fast and loose with the now widely-accepted definition of ‘backdoor’ struck gold when journalists didn’t do their homework and erroneously reported a diagnostic mechanism as a nefarious, malfeasant, secret opening to their private data,” Violet Blue reports for ZDNet.

“Speaking at the Hackers On Planet Earth conference in New York, Jonathan Zdziarski said that Apple’s iOS contains intentionally created access that could be used by governments to spy on iPhone and iPad users to access a user’s address book, photos, voicemail and any accounts configured on the device,” Blue reports. “As he has been doing since the Snowden documents started making headlines last year, Mr. Zdziarski re-cast Apple’s developer diagnostics kit in a new narrative, turning a tool that could probably gain from better user security implementation into a sinister ‘backdoor.'”

“Since Mr. Zdziarski presented ‘Identifying back doors, attack points, and surveillance mechanisms in iOS devices,’ his miscasting of Apple’s developer diagnostics as a ‘backdoor’ was defeated on Twitter, debunked and saw SourceClear calling Zdziarski an attention seeker in Computerworld, and Apple issued a statement saying that no, this is false,” Blue reports. “In fact, this allegedly ‘secret backdoor’ was added to diagnostic information that has been as freely available as a page out of a phone book since 2002. The packet capture software used for diagnostics referenced by Mr. Zdziarski in support of his claims is similar in functionality as the one that’s installed on every Apple laptop and desktop computer for diagnostics.”

Read more in the full article here.

Related articles:
Apple responds to allegations of iOS ‘backdoor’ – July 22, 2014
Forensic scientist claims suspicious ‘back doors’ running on every iOS device – July 21, 2014

20 Comments

  1. I am no security expert, but my first thought when this guy came out with his smear campaign was “probably something that Apple uses for diagnostics”. Now if THAT went through my mind, how the hell could some “expert” not see this?

  2. Ah what a fun read from MEGA EGO by Violet “Lookie me I’m a jouranalist” Blue.

    She starts off putting the Permanent P in PMS by stating “On Monday, several media outlets mistakenly reported that Apple had installed “backdoors” on millions of iPhones and iOS devices.” but obviously she is using one of those aim for Bin Laden hit Saddam Hussein guidance systems that make a lot of noise, misses their target completely but does provide good kills for coverage of the evening news so who cares if the victims were innocent.

    I haven’t read any such articles she refers to. Al the ones I’ve read, including the ones that she links to reports that a security researcher Jonathan Zdziarski has accused Apple of installed backdoors. That’s what the topic has been about from what I’ve read.

    With a name like Violet Blue and a reference to another definition of a backdoor lends credibility to the idea that maybe Violet has lots of experience with such adult activities. I’m sure an in depth probe by experts will confirm this but right not it’s pure unadulterated speculation, not unlike modern day jouranalism.

    Butt enough of Violet’s ass, for while that may be ample the grey matter better her rears seems to be lacking and wow, can this ever be seen at the end of the article.

    I love the Mega Ego posture these energy vultures have.
    – “journalists didn’t do their homework” with the innuendo that Violet did.
    – “It appears that no one reporting Zdziarski’s claims as fact attended his talk, watched it online, and less than a handful fact-checked or consulted outside experts. Which is, incidentally, what I did.” Oh no innuendo implication there.
    – “Mind you, I’m quick to call Apple on its issues.” implying that everyone else is slow. Of course it’s always important to get the John off quickly, any good Violet should know that.
    – ” I was first to report seeing an iPhone getting hacked in 60 seconds with a malicious charger”

    It isn’t a report, it isn’t a news article, it’s a ME ME ME fest.

    The smoke and mirrors of course comes from the dangling of Violet’s alluring ideas of “I consulted the experts” and “I can twit my twat on twitter” but underneath that veneer there is no substance.

    Violet, in true form mentions so called experts but provides absolutely no substance save for a brief comment “the researchers I consulted kindly told me there was no “there” there.” True to modern jouranalistic from Violet provides no names of those experts she consulted with, and no links from these purported experts to counterclaims made. It could be true, I guess we’ll just have to wait until a real journalist shows up and does the job right. That could take a while.

    Violet is a good argument to show that for most modern day jouranalist there are a couple of places the sun don’t shine.

      1. Nope, it’s just a trashy piece of journalism and as she started off with incorporating another definition of backdoor I decided to run with it, purely for entertainment value.

        I was tempted to make fun of the word “vuln” she used in her article. More than likely it is an shortening of the word vulnerable in the context she had written it but the actual definition for vuln means to wound (oneself) by biting at the breast.

        Conversely however I’d most definitely turn her down for a date. It’s nothing personal I just don’t think she could afford me on her salary.

      1. I love women and I’m certainly not challenging the potentially fine loving capacitities that Violet has as a woman but rather her journalistic abilities. I know I know I should have used the /sshjt (sarcasm, satire, humor, joke tag) butt hey she’s the one that started wit the backdoor joke.

        I’ve certainly used the same approach with other jouranalists both male and female and I don’t hate them whatsoever.

        Now pity and disdain (for jouranalists that is), that’s a different story.

      1. Yup, easily recognizable, by their attempted singular insulting sentence aimed at disturbing others without any intention of engaging in civilized discourse one the issue(s) brought forth.

        Your response clearly points out to those that read the depth and character of the feedback on the issue present and brings your stone casting right back to you as if it were a boomerang.

  3. We had a semi-flame war here over my summary of the situation earlier in the week.

    Yesterday, I was able to watch Steve Gibson’s assessment on his Security Now! podcast over at TWiT.tv. He spoke while the author of the research, Jonathan Zdziarski was listening while in the IRC chat room.

    Gibson had obtained and read the full paper as well as the lecture slides. His main point was that ALL of the potentially insecure processes Jonathan Zdziarski found could only be accessed via a user trust approved physical connection of an iOS device to another computing device. Even accessing the packet sniffer is not trivial. This fact has been echoed this week by other security analysts as well.

    Steve Gibson came to one critical conclusion: Apple has optimized its iOS security while balancing it with user functionality. BUT, ideally Apple should require every user to verify their trust of any device to which they physically link their iOS device every time they connect. The current status is that trust verification, as of iOS 7, is set by default to run only the first time devices connect. After that time, trust is automatic. That should NOT be the case.

    Leo Laporte pointed out that the free Apple Configurator application, available at Apple’s Mac App Store, allows users and administrators to remove the default setting and instead force trust verification with every physical connection.

    Gibson stated (this was as of Tuesday, 2014-07-22) that Apple needed to make a more definitive statement about these processes than merely a typical vague PR statement. Thankfully, Apple did exactly that, (also on Tuesday). Apple’s response can be read here:

    iOS: About diagnostic capabilities

    I have to hand it to Apple for jumping on this situation immediately.

    Q: Could the NSA use these processes to access iOS device user data?

    A: Yes. But again, it requires the user to verify trusting the computing device to which their iOS device is being connected. Otherwise, the answer is NO. If the NSA was pulling an illegal surveillance crime, they’d have to brute force access into the device. Once inside a device, legally or not, they have access to everything on the device anyway!

    IOW: This turns out to be very interesting, but indeed as I said: NOT of concern at this time. I expect further analysis of what Jonathan Zdziarski found will be performed. If actually dangerous tech is found, no doubt we’ll hear about these issues again.

    1. Your post is so much more valuable than the drivel written by Violet. You refer to the name of experts and while you incorporate your own persona into the post I don’t get a sense of it being a chest beating “me me me fest.”

      So the good news is that I thoroughly enjoyed it. The better news is that you obviously don’t have what it takes to become a modern day jouranalist. I’m sure that comes as a relief to you, if you did not know about it all ready.

      Enjoy your weekend, always a pleasure Derek.

      1. you obviously don’t have what it takes to become a modern day journalist.

        That method of back-handed complement is new to me! I get an actual complement while the ‘professional’ journalists get slapped. You’ll enjoy the addendum I added below my initial post.

        It can be difficult to avoid the ‘me me me’ crap in our current culture where ME is the deliberate center of every person’s universe. This is actually the natural state of human thought on any occasion, but these days it is emphatic.

        For younger, growing minds, it is natural to become defensive of one’s thoughts. I still find myself wanting to do it at times. It’s a natural response to one’s insecurity. Learning means humbleness while knowing that it’s important to state one’s opinion, hopefully as informed an opinion as possible. I personally find it important as well to shove the haters back into their hate boxes in order to allow more sane communication to proceed without their noise noise noise. Where that’s a problem is when I blunderingly stomp on worthwhile opinions from people who use the hater persona as simply a defense from the actual hard core haters who lurk about. It always astounds me how there can be remarkable people hidden behind defensive gruff and mean exteriors. My father is an excellent example. 😉

        1. I’m glad you got the intent of my complement as I thought you would and I loved your add on below.

          You mention something very important, the idea of humility. I like to think I keep an open mind and I have changed it several times. I recently wrote one of my regular diatribes on America that you are no doubt familiar with when another poster took me on because of the number of votes I had received for it. I have java and java script turned off most of the time so I did not know what he was talking about. When I turned Java on I saw to my amazement that I had over 40 votes with a ranking of 4/5. That has had quite an impact on me. I know that a lot of replies directed to me are less than complimentary but to get that sort of feedback on the votes made me realize that that the points I am making do have value to people. It is very humbling to me, in the way it should be and it gives me hope that there are good decent Americans that are wondering what exactly has happened and is happening to their country.

          There is a lot of hatred, heck the headlines are full of “kill”, “bloodbath”, and “thermonuclear” ideas repeated onto the population, that consumes the ideas like a mantra. It reminds me of something I noticed during the Mac/Windows conflict years. Mac users LOVED to use Macs. Window users never said they loved Windows, rather that they hated Macs.

          Apple products and services are great, their ideas are great, to me they have what it takes. Apple for me is about love great products from a great company first and foremost. It isn’t about hating the long list of other companies that don’t get it and try to get in Apple’s way. Apple’s always had its distractors.

          Still it’s full speed ahead for Apple.

          I’ll catch you round, thanks again for the post and the sentiments you’ve so kindly shared today.

          1. I was not born with natural language skills. I’ve had to bash at it because it’s a tool I require for what I want to do. Messing up which is which, complement and compliment is very my I’m afraid. That’s why I enjoy Hannagh occasionally looking over my shoulder, keeping my grammar and spelling in line. 😉

    2. BTW: Another thing Steve Gibson pointed out is that Jonathan Zdziarski’s research paper was finished and made available in 2013. No scare-fest resulted. It was only after Jonathan presented his paper publicly this past weekend and provided his slides online that the press went maniacal and his findings became ‘news’. Steve pointed out how issues like this only come to the fore once they have obvious entertainment/click appeal. That’s not a good thing.

      He also pointed out that very few journalists, including the every lame Violet Blue, didn’t bother to purchase and consult the source research paper. They had either attended the lecture ONLY, or and consulted the provided slides ONLY. That’s not journalism. It’s plain old lazy, cheap, stupid and inadequate.

      It’s nice that Violet Blue parroted the correct conclusion. But she based it entirely on mere hearsay. If your writing on a professional level, that’s NOT acceptable.

    3. Just off the top of my head. So if a hacker takes control of a computer already trusted by said iOS device they then have full access to the device? I can see your point of having verification EACH time a connection is made in that case.

  4. The hype around this mid-information achieved what the guy wanted – to bring attention to himself.

    Well it did that, but it also made him look like a fucking idiot.

    RTFM DICK HEAD (Read the fucking manual)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.